diff options
author | Jonas Smedegaard <dr@jones.dk> | 2013-03-09 17:21:43 +0100 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2013-03-13 11:39:37 +0100 |
commit | 1110201eddb377e0b900f6f9f8de93fcddfde1a3 (patch) | |
tree | 5a0950b254ad43e54809268e15c0922be07243e3 /src/share | |
parent | ddb31eda39e80b9dbf338e3b3b848ad4fcb549bc (diff) |
Preserve (instead of collapse) arguments in su_monkeysphere_user().
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, but not impossible:
Bourne-derived shells treat single-quoting literally, which means that
shell command arguments (i.e. an array of strings) should be safe to
serialize (dual-quote) using these simple rules:
b) each single-quote inside each string is escaped as '\''
a) each string is surrounded by single-quotes
This patch applies above single-quote serialization for
su_monkeysphere_user().
This appears to break for commands that start with variable
assignment, like:
PAGER=cat git diff
So as long as we do not use that form, su_monkeysphere_user() should
not treat its variables any worse than previous non-quoting.
Diffstat (limited to 'src/share')
-rwxr-xr-x | src/share/common | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/share/common b/src/share/common index 508b064..78fb04e 100755 --- a/src/share/common +++ b/src/share/common @@ -101,15 +101,19 @@ su_monkeysphere_user() { # introduce an extra dependency just for this. This may be a # candidate for re-factoring if we switch implementation languages. + # singlequote-escape strings - like this bashism: + # printf -v CMDLINE "%q " "$@" + local CMDLINE="$(perl -0 -e "foreach (@ARGV) {s/'/'\\\\''/g; print \"'\$_' \"}" "$@")" + case $(id -un) in # if monkeysphere user, run the command under bash "$MONKEYSPHERE_USER") - bash -c "$*" + bash -c "$CMDLINE" ;; # if root, su command as monkeysphere user 'root') - su "$MONKEYSPHERE_USER" -c "$*" + su "$MONKEYSPHERE_USER" -c "$CMDLINE" ;; # otherwise, fail |